How are FTP ports decided ?

So i have a pcap log file which has FTP transfer. There is a RETR in the file which denotes Download from the FTP server and which is on stream 3 and is going on client port 49210 and server port 21 . Then i see after all the setup SYN / SYN ACK is complete the actual data transfer starts on different ports client - 49211 and server 64525.

How does the client know which server port to sent the data too.. are the port id's negotiated somewher ? also the stream on which the actual data transfer happenss is different. .

1 Answer

Yes, the ports are negotiated, or more accurately, announced. FTP can be Active Mode or Passive Mode. In the command channel, which is on port 21, look for PORT or PASV commands.

In an Active Mode connection, the client issues the PORT command and tells the server what IP address and port it will be listening on for the data connection. The server then connects to the client.

In a Passive Mode connection, the client issues the PASV command. The server then tells the client what IP address and port it will be listening on for the data connection, and the client connects to the server.